CVE-2018-4170

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution...

CVE-2018-4170

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution...

Default credentials

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution...

CVE-2018-4170

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution...

CVE-2018-4170

CVE-2018-4170 affects macOS High Sierra prior to 10.13.4 (Admin Framework). A local attacker could disclose passwords by listing the sysadminctl process and its command-line arguments, which included the password parameter. Apple mitigated this in macOS 10.13.4 Security Update 2018-002 (and relat...

Apple macOS High Sierra Admin Framework Password Disclosure Vulnerability

Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers.Admin Framework is one of the administrator frameworks. A security vulnerability exists in the Admin Framework component in Apple macOS High Sierra versions prior to 10.13.4, which stems from the...

macOS 10.13.x < 10.13.4 Multiple Vulnerabilities

The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.4. It is, therefore, affected by multiple vulnerabilities in the following components : - Admin Framework - APFS - ATS - CoreFoundation - CoreText - Disk Images - Disk Management - File System Events - iCloud...

Mac OS X < 10.10.4 Multiple Vulnerabilities

Binary data 8801.prm...

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following: Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to...

CVE-2015-3673

Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility...

CVE-2015-3672

Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors...

CVE-2015-3671

Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors...

Authentication flaw

Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors...

Directory traversal

Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility...

Immunity Canvas: OSX_ROOTPIPE2

Name| osxrootpipe2 ---|--- CVE| CVE-2015-3673 Exploit Pack| CANVAS Description| OS X XPC Admin Framework rootpipe 2 local privilege escalation Notes| CVE Name: CVE-2015-3673 VENDOR: Apple Notes: Rootpipe 2 for Mac OS X 10.10.3 Repeatability: Multiple Times References:...

Authentication flaw

Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors...

CVE-2015-3673

Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility...

CVE-2015-3671

CVE-2015-3671 affects Mac OS X: Admin Framework in OS X versions prior to 10.10.4 fails to properly verify XPC entitlements, allowing a local user to bypass authentication and gain admin privileges. The issue is tied to entitlement checks and is addressed in the OS X 10.10.4/Security Update 2015-...

CVE-2015-3672

CVE-2015-3672 affects Apple OS X (Yosemite 10.10.x) Admin Framework. Root cause: improper handling of authentication errors may allow a local user to obtain admin privileges via unspecified vectors. Impact: local privilege escalation to admin rights. Remediation: Apple released OS X 10.10.4 and S...

CVE-2015-3673

CVE-2015-3673 affects Apple OS X prior to 10.10.4. The issue stems from the Admin Framework not properly restricting the location of writeconfig clients, enabling local users to obtain root privileges by moving and then modifying Directory Utility. Public references include exploits and PoCs (e.g...